CVE-2025-5662

H2O.ai · H2O.ai H2O-3

A critical deserialization vulnerability has been identified in the H2O-3 platform, assigned CVE-2025-5662 with a CVSS score of 9.8.

Executive summary

A critical deserialization vulnerability has been identified in the H2O-3 platform, assigned CVE-2025-5662 with a CVSS score of 9.8. This flaw allows an unauthenticated remote attacker to execute arbitrary code on the server by sending a malicious request to a specific API endpoint. Successful exploitation would result in a complete compromise of the affected system, enabling data theft, further network intrusion, or service disruption.

Vulnerability

The vulnerability exists within the H2O-3 REST API, specifically in the POST /99/ImportSQLTable endpoint. The application fails to properly validate and sanitize user-supplied data before deserializing it. A remote, unauthenticated attacker can craft a malicious serialized object and send it to this endpoint. The server will process this object, leading to the execution of arbitrary code with the permissions of the H2O-3 service account.

Business impact

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation grants an attacker full control over the server running the H2O-3 instance, leading to severe business consequences. These risks include the theft or modification of sensitive data processed by the machine learning platform, deployment of ransomware, using the compromised server as a pivot point to attack the internal network, and significant reputational damage. The ease of exploitation by an unauthenticated attacker elevates the risk to the highest level.

Remediation

Immediate Action: Update all instances of H2O-3 to a patched version later than 3.46.0.7, as recommended by the vendor. After patching, monitor system and application logs for any signs of exploitation attempts that may have occurred prior to the update, paying close attention to requests targeting the /99/ImportSQLTable endpoint.

Proactive Monitoring:

  • Log Analysis: Scrutinize web server and application access logs for any POST requests to the /99/ImportSQLTable endpoint. Investigate any such requests originating from untrusted or unexpected IP addresses.
  • Network Traffic: Monitor for unusual outbound connections from servers running H2O-3, which could indicate a successful compromise and communication with a command-and-control server.
  • Endpoint Detection: Use endpoint security tools to monitor for the creation of suspicious processes, unexpected file modifications, or anomalous system behavior on the host machine.
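As an added example that is not part of the original advisory or of H2O-3 itself, the log-analysis step above in Python: it scans constructed Combined Log Format lines (as a reverse proxy in front of H2O-3 would write them) for POST requests to /99/ImportSQLTable, normalising the path so that a query string, percent-encoding or a trailing slash does not hide a request, and ignores sources inside an assumed trusted range (10.0.0.0/8 is a placeholder to adjust per site).

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Constructed sample access-log lines (Combined Log Format); not from a real system.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jun/2025:10:01:02 +0000] "GET /3/Cloud HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.7 - - [12/Jun/2025:10:02:17 +0000] "POST /99/ImportSQLTable HTTP/1.1" 200 88 "-" "python-requests/2.31"
10.0.0.5 - - [12/Jun/2025:10:03:00 +0000] "POST /99/ImportSQLTable?_=1 HTTP/1.1" 200 88 "-" "h2o-py/3.46"
198.51.100.9 - - [12/Jun/2025:10:04:41 +0000] "POST /99/%49mportSQLTable/ HTTP/1.1" 500 0 "-" "-"
203.0.113.7 - - [12/Jun/2025:10:05:09 +0000] "GET /99/ImportSQLTable HTTP/1.1" 405 0 "-" "-"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumed trusted source ranges (placeholder; replace with the site's own networks).
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]
VULN_PATH = "/99/importsqltable"  # endpoint named in the advisory, lower-cased

def normalize_path(target):
    """Strip the query string, percent-decode, drop a trailing slash, lower-case."""
    path = unquote(urlsplit(target).path)
    return path.rstrip("/").lower() or "/"

def is_trusted(ip):
    """True when the client address falls inside one of the trusted networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)

def find_suspicious_requests(log_text):
    """Return (ip, timestamp, status) for each POST to the vulnerable endpoint
    from an address outside the trusted networks."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; in production, count these too
        if m["method"] != "POST" or normalize_path(m["target"]) != VULN_PATH:
            continue
        if is_trusted(m["ip"]):
            continue
        hits.append((m["ip"], m["ts"], int(m["status"])))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious_requests(SAMPLE_LOG):
        print("suspicious ImportSQLTable POST:", hit)
```

Run against the sample it reports the two untrusted POSTs (including the percent-encoded one) and skips the trusted-subnet call and the GET.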

Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:

  • Use a Web Application Firewall (WAF) or reverse proxy to block all access to the /99/ImportSQLTable API endpoint.
  • Restrict network access to the H2O-3 instance at the network level, ensuring it is only accessible from trusted IP addresses.
  • Run the H2O-3 service as a low-privilege user to limit the potential impact of a remote code execution event.

Exploitation status

Public Exploit Available: False

Analyst recommendation

This is a critical, unauthenticated remote code execution vulnerability that requires immediate attention. The potential for complete system compromise presents a severe risk to the organization. All administrators of H2O-3 platforms must prioritize the deployment of the vendor-supplied patch to all affected systems. Although CVE-2025-5662 is not currently on the CISA KEV list, its high severity makes it a likely candidate for future inclusion. If patching is delayed, compensating controls must be implemented without exception.